Two Factor Authentication

Imagine waking up one morning, opening your laptop and realising you can’t access your online accounts anymore. Your email has been breached; your website, your most precious work and personal data are all gone; and your credit/debit cards have been used to empty your bank account...

Could it have been prevented?

If you were using Two Factor Authentication (2FA) the above scenario would be far less likely...

What is Two Factor Authentication?

Its purpose is to make an attacker’s life harder and reduce the risk of fraud. If you already follow basic strong-password practices, two-factor authentication makes it much more difficult for cyber criminals to breach your account.

Two-factor authentication adds a layer of security by adding a second step to your login. It takes something you know (i.e. your password) and adds a second factor, typically something you have (such as your phone). Since both are required to log in, an attacker who has only your password still can't access your account.

Why do I need it?

Passwords on their own aren’t as infallible as we need them to be. Cyber criminals can test billions of password combinations in just a few seconds.

What’s even worse, 65% of people use the same password everywhere. That’s like having only one key for your house, your workplace and your car...

Answers to security questions are also easy to find out, especially now that we willingly share the details of our lives on social networks and blogs. Anyone who interacts with you on a daily basis can find out the answers to common security questions, such as your graduation year, the city you grew up in or your first pet’s name.

Passwords are increasingly easy to compromise. They can often be guessed or leaked, they usually don't change very often, and despite advice to the contrary, many of us have favourite passwords that we use for more than one thing. Two-factor authentication gives you additional security because your password alone no longer grants access to your account.

How does it work?

2FA uses time-based one-time passwords. With these, in addition to your regular username and password, you also have to enter a 6-digit code that changes every 30 seconds. Only your token device (typically a smartphone) holds your secret key and can generate valid one-time passwords for your account, so your account is far safer.

After the initial setup, the app works without a network connection, because each code is derived only from the secret key and the current time.

A few examples of Two-Factor Authentication methods that you may already be using:

• The token issued by your bank, which generates a specific code at a specific time – you use it with your username and password for Internet banking.
• A one-time password that you receive as a text message on your mobile phone and use when you want to log in to your Google, Facebook or Twitter account.
• Similar to the one before: a random password generated by an app like Google Authenticator or Facebook Code Generator – you use it to log in to a social media account.

Two Factor Authentication is available for both Joomla and WordPress to protect your website’s Admin area. Ask your website host or website manager to ensure it is enabled on your site and make your Admin area more secure.

Basic password security

Remember that two-factor authentication isn’t worth the extra effort unless you use it alongside strong passwords.

  1. Use strong passwords.

    They should be at least 12 characters long and contain upper- and lower-case letters, numbers and symbols.

    By weak passwords we mean:
    • anything that contains the word “password”, “admin” or “qwerty”, your name or variations of it
    • combinations of easy-to-guess numbers (“1234”, “1234567890”, “2016”, “0000”, “11111”)
    • your spouse’s name, your children’s or pet’s name or birth dates
    • the default password that your service provider gave to you
    • anything from this list of the most popular – and worst – 2015 passwords

  2. Use unique passwords.

    They should be different for every account of yours. Never recycle them.

    This way, if an intruder gains access to one of your accounts, they won’t be able to break into all of them. It’s the same principle behind not using the same key for your house and your car – if you lose one of them, a criminal will be able to break into the other.

  3. Change your passwords regularly.

    …and never write them down – not in a document saved in the cloud or on your desktop, not in a mail draft, not on a handwritten note that you keep on the desk.

    You can use a Password Manager – it’s a service that will encrypt all your saved passwords. This way, you’ll only have to remember one password, the one for your password manager.
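The rules in steps 1 and 2 above (length and character mix, no "password"/"admin"/"qwerty", no easy number runs or years, no personal names, no reuse across accounts) are concrete enough to turn into a checker. The following is an added example written for this page, not code from the article or from any password manager; the weak-word list, the return codes and the sample passwords are constructed for illustration, and `personal_terms` is a hypothetical parameter for names the page says to avoid (spouse, children, pets).

```python
import re
from typing import Dict, Iterable, List

# Terms the article singles out as weak whenever they appear inside a password
WEAK_WORDS = ("password", "admin", "qwerty")
SYMBOLS = set("!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")


def _digit_run_problems(run: str) -> List[str]:
    """Classify a run of four or more digits: all the same, counting up/down, or a year."""
    problems = []
    if len(set(run)) == 1:
        problems.append("digits:repeated")       # "0000", "11111"
    steps = {(int(b) - int(a)) % 10 for a, b in zip(run, run[1:])}
    if steps == {1} or steps == {9}:
        problems.append("digits:sequential")     # "1234", "1234567890", "9876"
    if len(run) == 4 and re.fullmatch(r"(19|20)\d\d", run):
        problems.append("digits:year")           # "2016"
    return problems


def check_password(password: str, personal_terms: Iterable[str] = ()) -> List[str]:
    """Return a list of problem codes; an empty list means the password passes every rule."""
    problems = []
    if len(password) < 12:
        problems.append("too_short")
    if not any(c.islower() for c in password):
        problems.append("no_lower")
    if not any(c.isupper() for c in password):
        problems.append("no_upper")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    if not any(c in SYMBOLS for c in password):
        problems.append("no_symbol")
    lowered = password.lower()
    for word in WEAK_WORDS:
        if word in lowered:
            problems.append(f"weak_word:{word}")
    for term in personal_terms:                  # hypothetical: names from the owner's life
        term = term.lower()
        if term and term in lowered:
            problems.append(f"personal:{term}")
    for run in re.findall(r"\d{4,}", password):
        problems.extend(_digit_run_problems(run))
    return problems


def find_reused(passwords: Dict[str, str]) -> List[List[str]]:
    """Group account names that share the same password (step 2: never recycle them)."""
    by_password: Dict[str, List[str]] = {}
    for account, pw in passwords.items():
        by_password.setdefault(pw, []).append(account)
    return [sorted(accounts) for accounts in by_password.values() if len(accounts) > 1]


if __name__ == "__main__":
    # Constructed samples, not real credentials
    for sample in ("Password2016!", "Admin1234567890!", "short1!", "correct-Horse7!Battery"):
        print(f"{sample!r:28} -> {check_password(sample, personal_terms=('Rex',)) or 'ok'}")
    print("reused across:", find_reused({"email": "a", "bank": "a", "shop": "b"}))
```

The checker deliberately reports every rule a password breaks rather than stopping at the first, which is what you want when explaining to someone why their choice was rejected. A real deployment would also compare against a breached-password list, which the article's item about "the most popular – and worst – passwords" points at.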

If you follow these steps, together with some basic computer security, you can drastically reduce the chances of having your accounts hacked.